publish
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to upload local files to a publicly accessible Cloudflare R2 bucket. This capability creates a data exfiltration surface where sensitive files (e.g., configurations, keys) could be made public if the agent is instructed to do so.
- [COMMAND_EXECUTION]: The skill executes local bash scripts and the Cloudflare `wrangler` CLI to perform configuration, upload, and history management tasks.
- [EXTERNAL_DOWNLOADS]: The skill uses `npx wrangler` to download and execute the Cloudflare Wrangler tool. As Cloudflare is a well-known service provider, this dependency is considered expected for the skill's purpose.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it identifies files for publication based on the agent's current context without explicit boundary markers or sensitivity checks.
  - Ingestion points: File paths and content identified from the agent's environment (SKILL.md Step 2).
  - Boundary markers: None identified.
  - Capability inventory: Shell script execution and file upload to a remote public bucket.
  - Sanitization: Filename sanitization is performed for the object key, but there are no checks to prevent the selection of sensitive files.
Audit Metadata